CVE-2024-8759 is a stored cross-site scripting (XSS) vulnerability in the Nested Pages WordPress plugin. A user who can create or edit pages can store a JavaScript payload in a page title; the payload then runs in the browser of any administrator who views that page in the dashboard, which can be used to plant a backdoor or take over the administrator's account. This makes it a serious issue for sites running the plugin.
CVE | CVE-2024-8759 |
Plugin | Nested Pages < 3.2.9 |
Severity | Low |
All-time downloads | 1 946 663 |
Active installations | 100 000+ |
Publicly published | October 11, 2024 |
Last updated | October 11, 2024 |
Researcher | Artyom Krugov |
OWASP Top 10 | A7:2017 Cross-Site Scripting (XSS) |
PoC | Yes |
Exploit | No |
References | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8759/ |
| https://wpscan.com/vulnerability/3dd41ecb-d0dc-4c23-9e5b-b1f7fbaaddfd/ |
Plugin Security Certification by CleanTalk | |
Timeline
August 28, 2024 | Security testing of the Nested Pages plugin completed and the vulnerability identified |
August 28, 2024 | Plugin author contacted with a PoC, a description of the issue and recommendations for fixing it |
October 11, 2024 | CVE-2024-8759 registered and published |
Discovery of the Vulnerability
The vulnerability was found during security testing of the Nested Pages plugin. Injecting a malicious script into certain form fields, in particular the “Title” field used when creating or editing pages, stores the script on the server, and it executes in the browser of an administrator who later views the page in the dashboard. This is a classic stored XSS: the payload persists in the system and fires whenever a privileged user interacts with the compromised data.
Understanding stored XSS attacks
Stored cross-site scripting (XSS) occurs when an attacker manages to save a malicious script in a website's database, so that it is later served to, and executed in the browsers of, other users or administrators who view the compromised data. In WordPress, plugins that accept user input are particularly exposed when they neither sanitize that input on save nor escape it on output for the HTML context it is written into.
Exploiting the XSS Vulnerability
To exploit this vulnerability in the Nested Pages plugin, an attacker would typically follow these steps:
PoC steps:
- Log in to the WordPress site as a low-privileged user who is able to create pages.
- Navigate to the “All Pages” section in the WordPress dashboard.
- Create a new page and select the “Add Child Page” option.
- In the “Title” field of the child page, insert the payload below, HTML-encoded so that it passes the filters applied on save.
- Save the page. When an administrator later opens the page in the dashboard, the stored payload executes in the administrator's browser.
PoC payload: "><script></script><img src=x onerror=alert(333)>
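To make the PoC concrete, the following is an added JavaScript example (not code from the Nested Pages plugin, and not part of the original advisory) that renders the PoC payload, in decoded form, through three hypothetical stand-ins for a page-tree row: one that only strips <script> tags (the kind of filter the payload is built to get past), one that escapes only < and >, and one that escapes all five HTML metacharacters the way WordPress's esc_html()/esc_attr() do. A small tokenizer that follows the browser's lenient attribute parsing then reports which tags ended up carrying an on* event handler. The row markup, the function names and the stripScriptTags filter are assumptions for illustration.

```javascript
// Added example, not code from the Nested Pages plugin: shows why the PoC
// payload survives a tag-stripping filter and what output escaping must do.

// The stored payload from the advisory (decoded form, as it reaches the page).
const PAYLOAD = '"><script></script><img src=x onerror=alert(333)>';

// 1. A naive blacklist filter (hypothetical stand-in for an "initial filter"):
//    removes <script> tags and nothing else. The payload's empty
//    <script></script> is bait for exactly this; the <img onerror> survives.
function stripScriptTags(s) {
  return s.replace(/<\/?script[^>]*>/gi, '');
}

// 2. Half a fix: escape only the angle brackets.
function escapeAngleBrackets(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// 3. Escape all five HTML metacharacters, the rule WordPress's
//    esc_html()/esc_attr() apply on output.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return s.replace(/[&<>"']/g, ch => map[ch]);
}

// Hypothetical page-tree row: the title lands in an attribute AND in text.
function renderRow(title, escape) {
  const t = escape(title);
  return `<li data-title="${t}"><a href="#">${t}</a></li>`;
}

// Minimal start-tag tokenizer that mimics the browser's lenient attribute
// parsing (unquoted values, junk attribute names, '/' as a separator).
// Reports "tag:on*" for every event-handler attribute and "script" for a
// <script> element. It is a check for this demo, not a sanitizer: do not
// build an XSS defence on regexes or hand-rolled parsers.
function scanActiveContent(html) {
  const hits = [];
  let i = 0;
  while ((i = html.indexOf('<', i)) !== -1) {
    i += 1;
    if (!/[a-zA-Z]/.test(html[i] || '')) continue;          // </a>, stray '<'
    let j = i;
    while (j < html.length && !/[\s\/>]/.test(html[j])) j += 1;
    const tag = html.slice(i, j).toLowerCase();
    if (tag === 'script') hits.push('script');
    while (j < html.length && html[j] !== '>') {
      while (j < html.length && /[\s\/]/.test(html[j])) j += 1; // before attribute name
      if (j >= html.length || html[j] === '>') break;
      let k = j;
      while (k < html.length && !/[\s\/>=]/.test(html[k])) k += 1;
      const name = html.slice(j, k).toLowerCase();
      j = k;
      while (j < html.length && /\s/.test(html[j])) j += 1;
      if (html[j] === '=') {                                   // attribute value
        j += 1;
        while (j < html.length && /\s/.test(html[j])) j += 1;
        const q = html[j];
        if (q === '"' || q === "'") {
          const end = html.indexOf(q, j + 1);
          j = end === -1 ? html.length : end + 1;
        } else {
          while (j < html.length && !/[\s>]/.test(html[j])) j += 1;
        }
      }
      if (/^on[a-z]+$/.test(name)) hits.push(`${tag}:${name}`);
    }
    i = j;
  }
  return hits;
}

// Render the PoC payload through each treatment and report what would execute.
function demo() {
  return {
    stripTags:  scanActiveContent(renderRow(PAYLOAD, stripScriptTags)),
    angleOnly:  scanActiveContent(renderRow(PAYLOAD, escapeAngleBrackets)),
    fullEscape: scanActiveContent(renderRow(PAYLOAD, escapeHtml)),
  };
}

console.log(demo());
```

Run with node: demo() returns { stripTags: ['img:onerror', 'img:onerror'], angleOnly: ['li:onerror'], fullEscape: [] }. The middle case is the one worth remembering: because the title is also written into an attribute, escaping only the angle brackets lets the payload's leading " close the attribute early, and the attacker's onerror= (or onmouseover=, which would actually fire) lands on the <li> element itself. Escaping quotes as well, and doing it on output rather than trusting a filter applied on save, is what closes the hole.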
The risk behind CVE-2024-8759 is that the payload runs in the administrator's browser with the administrator's session and nonces, so it can issue any request the administrator could: create a new administrator user, modify plugin or theme files to drop a backdoor, or exfiltrate data. A successful attack therefore amounts to a takeover of an administrator account and full control of the WordPress site, which can in turn lead to disclosure of confidential information, defacement, or use of the compromised site to attack others.
Recommendations for Improved Security
To reduce the risk from CVE-2024-8759, administrators should update Nested Pages to version 3.2.9 or later, the first release not listed as affected. Developers should treat the Title as untrusted data: sanitize it on save (for example with sanitize_text_field()) and, more importantly, escape it on output for the context it is written into (esc_html() for text, esc_attr() for attribute values), rather than relying on a filter that strips known tags.
Administrators should also review roles and permissions: which roles can create or edit pages, and which hold the unfiltered_html capability (Editors and Administrators by default on a single site), since those users can store raw HTML that no save-time filter will touch. A security plugin that monitors for XSS payloads and blocks them adds a further layer, and regular security checks and timely plugin updates remain the baseline. One caveat: updating the plugin changes how titles are rendered but does not remove payloads stored before the update, so existing page titles containing markup such as <img ... onerror=...> should be reviewed; such a title is an indicator that the site has already been targeted.
By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-8759, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
Artyom k.